Microsoft tells customers to disable Windows Sidebar, Gadgets

It's recommending that all users disable the Windows Sidebar and Gadgets — immediately.

"Disabling the Windows Sidebar and Gadgets can help protect customers from vulnerabilities that involve the execution of arbitrary code by the Windows Sidebar when running insecure Gadgets," states a security advisory released July 10 by Microsoft. (Msnbc.com is a joint venture of Microsoft and NBCUniversal.)

"In addition, Gadgets installed from untrusted sources can harm your computer and can access your computer's files, show you objectionable content, or change their behavior at any time."

Fidget, widget, gadget

Gadgets are those little mini-applications, resembling animated icons, that hang around the desktop to tell you the time, weather, news headlines and so on. (Other software makers, including Apple and Yahoo!, call them "widgets.")

Gadgets, and the Windows Sidebar they live in, first appeared in 2007 as a default setting in Vista. Many users hated them, complained that they took up too many computer resources and turned them off immediately.

Windows 7 has Gadgets built in as well, but they're turned off by default. Instead of being in a sidebar pinned to the right edge of the screen, Gadgets are in a floating window that can be placed anywhere on the desktop.

If you're running Windows 7 and really want to see them, right-click on your desktop and select "Gadgets."

But Microsoft now wishes you really wouldn't. Its security advisory points to a download page that contains a tool users can run to disable Gadgets and, in Vista, the Sidebar.

The page where Microsoft used to host additional Gadgets for download now states, "The Windows website no longer hosts the gadget gallery."

Pre-emptive execution

Graham Cluley of the British security firm Sophos thinks Microsoft's sudden decision to kill a five-year-old piece of software has to do with a presentation, entitled "We Have You by the Gadgets," scheduled for the Black Hat security conference later this month in Las Vegas.

"We will be talking about the Windows Gadget platform and what the nastiness that can be done with it," state the presenters in less-than-perfect English on the Black Hat website. "We will be talking about our research into creating malicious gadgets, misappropriating legitimate gadgets and the sorts of flaws we have found in published gadgets."

Presumably, the presenters will demonstrate how easy it is to create Trojan-horse malware in the form of gadgets.

It's likely that the problem lies with third-party gadgets, not Microsoft's own, but Cluley found it noteworthy that Microsoft isn't even trying to fix the problem.